On Thu, 13 Feb 2025 18:32:41 GMT, Daniel Jeliński <djelin...@openjdk.org> wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java
>> line 122:
>>
>>> 120: } else if (tlsVersion == 0x0301 || tlsVersion == 0x0302) {
>>> 121: mechanism = CKM_TLS_KEY_AND_MAC_DERIVE;
>>> 122: } else if (tlsVersion == 0x0303) {
>>
>> Should TLS 1.2 also use CKM_TLS12_KEY_AND_MAC_DERIVE?
>
> TLS 1.2 is version 3.3.
> The versions are:
> SSL 3.0 - 3.0
> TLS 1.0 - 3.1
> TLS 1.1 - 3.2
> TLS 1.2 - 3.3
Ah ok. So I assume TLS 1.3 is using a different code path or KDF.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23583#discussion_r1955042992
